London & Country Mortgages (L&C) is the UK’s leading fee free mortgage broker. L&C takes your privacy seriously and takes every reasonable precaution to safeguard the personal information you supply to it.
London & Country Mortgages Limited (L&C) is the UK's leading fee free mortgage broker. This privacy notice tells you about how we use your personal information and your information rights.
We are committed to keeping your information safe and secure and ensuring that we are transparent and fair about how we use it.
This Section tells you about us and how to contact us.
London & Country Mortgages Limited (L&C) is a Company limited by shares. Our registered address is Beazer House, Lower Bristol Road, Bristol Road, Bath, BA2 3BA. You can find out more about us on our website at https://www.landc.co.uk/
To help ensure we meet all our obligations we have appointed a Data Protection Officer. If you have any questions or concerns about how your personal information is being used you can contact the DPO
You can also obtain information and advice from the Information Commissioner who is the independent regulator appointed by Parliament to oversee compliance with data protection and information rights: https://ico.org.uk
L&C is registered with the Information Commissioner (registration number Z6282085).
This section summarises what information we collect from you when you contact us, what information we collect from elsewhere, and how this information is used.
Our core business is acting as a mortgage broker. This involves searching against the lenders we deal with to find the mortgage that best suits your circumstances. We do this when you call us by asking you about your identity and contact details; your product preferences; your property and tenancy history and types and number of occupants and their relationship to you; your lifestyle; nationality and residence status; employment, income and expenditure and other financial circumstances. How you answer these questions will determine what other questions we ask you because different lenders serve different parts of the market and have different eligibility criteria. We will always explain the process to you and answer any questions you may have about why certain types of information may be needed.
When you apply for a mortgage through us we will collect your direct debit details to pass on to your lender. If the products you select involve a cost, such as a valuation fee, we will ask for your payment information.
Mortgage lenders are data controllers in their own right and have their own privacy notices. However, because lenders may automatically profile your information against their lending criteria and against Credit Reference Agencies as soon as your information is forwarded to them and this may affect your credit score, we will always bring this to your attention as part of the process so that you are forewarned. We will also make you aware in advance when lenders are likely to debit any funds from your accounts.
We routinely offer our mortgage customers life insurance and building and contents insurance. Where customers express an interest in life insurance we will also collect information about health as this is necessary so that the insurers we deal with can determine cover and premiums.
Apart from the information customers provide to us directly we may also record information about potential vulnerabilities where we think this is appropriate to meet the obligations placed on us by the Financial Conduct Authority (FCA) with regard to vulnerable customers. You can find out more about our obligations to potentially vulnerable customers here:
If you are a pre-existing customer we may use the information we have on you to pre-fill forms when you apply for a new product, but we will always check that these details are accurate and up to date.
We are working with partner services such as Experian to enable us to pre-populate our on-line data collection forms with information about you that is available from accessible sources. This means there is less information for you to type in. But you have control and can change any answer.
However, if you've opened an account or policy with another organisation that we introduced you to, you will need to contact them separately to update your information.
We may record incoming and outgoing calls so that we can be sure that we have captured the information you have given us accurately. This helps us to prevent fraud and resolve any disputes.
We may use your information to contact you about other products that match your profile and may be of interest you. Where we seek consent to do this we make sure we are clear about what methods we can use to contact you. We make sure that you are able to opt out of marketing communications at any time in a way that is convenient to you, including the method you used to contact us.
Quite separately, if you have taken out either a mortgage or an insurance product through us we will contact you when your product is coming to an end to ensure that you are protected and can access the best rates on a new deal. If you do not want us to do this you can ask us at any time to mark your records 'do not contact'.
To help us target audiences more accurately online we share information with organisations such as Experian, who provide third party data services, and publishers such as Facebook. Data service providers can help us in a number of ways; through data matching, that provides additional data about users, and through segmentation and profiling. Segmentation is the process of aggregating normally anonymised information to create a series of 'types' which are then matched against a population which exhibit similar characteristics. Where that data matches to records held by the publisher it can be used to serve tailored online advertisements or similarly to 'suppress' or exclude that audience. Where we do so we make sure that those third party organisations cannot use our customers personal data to enrich their data. Any online advertising platforms we use will enable you to control direct marketing via their privacy settings. We also profile the information we collect from clients to help us improve the customer journey.
We may contact you to conduct market research. We occasionally run promotions, competitions and prize draws but if we ask you for your contact details we will ensure these are not used for marketing unless you are happy to consent to that separately.
We are required by law to submit a Suspicious Activity Report to the National Crime Agency whenever we detect a risk of money laundering or fraudulent activity. The law also permits us to report suspected crime to the appropriate authorities.
We are also required to disclose personal data where required to do so by law or by the order of a court.
We have discretion to disclose personal data where this is necessary for protecting the public against dishonesty.
We use services such as Google Analytics to track how visitors use our website, to understand trends and how the business works and so that we can improve the user experience. But the reports we produce do not identify individuals.
The Cookies Section of this Privacy Notice explains what cookies we use and how you can turn off and control any advertising cookies (subject to your browser functionality).
We use email tracking technology to capture information such as (but not limited to) the time and date our emails are opened, the type of device used and any links within the email clicked on. We may share this information with the organisations listed in Section 5 (for example, mortgage lenders) for the same purposes, but stipulate that they may not use your details for direct marketing unless they have your consent or an existing relationship with you and you have not previously opted out.
We also use telephone tracking technology to capture information such as (but not limited to) the time and date a call is made, the type of device used and the source and page on our website that a customer called from.
As a business we monitor what the public are saying about us on social media such as Facebook and Twitter, so that we can build these comments into improving our products and the ways we interact with customers.
We do not use customer data for generalised training or system testing separate from case management, and always use dummy data sets for these purposes.
When any of our customers apply for a product, the law requires us to check their identity. This makes it harder for criminals to use financial systems, or to use false names and addresses to steal the identities of innocent people. Checking everyone's identity is an important way of fighting money laundering and other criminal activities.
To confirm that you are who you say you are, we'll try to verify your name and address by checking your details against databases held by credit reference agencies and the electoral roll. If we can't verify your name and address in this way, we may ask you to provide us with other documents to confirm these details. This does not affect you credit history or status.
If you are a joint mortgage applicant we will record any information you give us about any other persons who are joined to the application.
If you are referred to us by an Estate Agent our data collection form includes a free form data field that some Estate Agents use to add comments about potential purchases.
We use the information we have about you to provide all the aspects of our service you would expect such as contacting you to prompt you with reminders about renewals and to help resolve any complaints or investigations.
We may also disclose information where permitted by law in connection with the resolution and pursuit of legal rights and disputes.
We do not make fully automated decisions. Our service is to provide the information to lenders and insurers so they can make a decision about the product you have selected.
If you give us a good review we may contact you to ask you if you would like us to publicise your review.
To be lawful we must satisfy at least one of six standard conditions to process your personal information and additionally a stricter condition where we process what is called special category data, such as information about health.
The law says we must have a legal basis for processing personal data. There are six standard data processing grounds or conditions for processing personal data. Where we process what is called 'special category data' (information about health, genetic or biometric data etc) we must additionally have a special category condition or ground for processing your personal data.
We rely on the following conditions for the activities indicated.
In most cases, you'll provide the information covered in section 2 because you want to use our services. Ordinarily for a business this would mean that the condition for processing is contractual However, this condition only applies where a legal contract exists between the parties concerned. Because we act as an intermediary this condition is not available. We therefore rely on what is called the 'legitimate interests' ground for processing. The law provides we can use your information under this condition where our interest in using it is not outweighed by your privacy rights or interests. This means that we can use your personal data only in ways you would reasonably expect and which have a minimal impact on your privacy, or where there is a compelling justification for the processing.
We rely on this condition for the uses we identify in section 2, except where we indicate below that another condition is more relevant.
In order to use your personal data on this basis your consent must be freely given, specific, informed and unambiguous. We rely on this condition for the following purposes:
We need what is called explicit consent where we rely on consent to process what is called sensitive or special category personal data:
*We have a separate Privacy Notice for processing employee's personal data
Find out who we need to share information with to deliver our services to you and when you have a choice about who we share your information with.
If you no longer wish us to share your data with any of these organisations, you may withdraw your consent at any time.
Both the above sets of organisation are each data controllers in their own right and will have their own Privacy Notices that will tell you about how your personal data will be used by them.
Sharing information with these organisations allows us to better understand your needs.
As a UK Company nearly all of our processing of personal information takes place in Europe which has strong data protection standards. Find out how your information is protected on the limited occasions it is transferred outside Europe.
As a UK based company, all the personal information we process is protected by European data protection standards.
The only personal data that is transferred outside the EEA is that processed through Survey Monkey Europe UC and Liveperson.com who have agreed standard contractual terms to protect transfers to Survey Monkey Inc and Liveperson Inc respectively, which are located in the United States and both participate in and have certified their compliance with the EU-US Privacy Shield.
This Section summarises the legal rights you have to protect your personal information and how you can exercise them and find impartial advice and further information.
The following is a list of the rights you have under Data Protection legislation. Not all these rights apply in all circumstances but we will be happy to explain this to you at the time you ask. Independent advice about your rights can be obtained from the Information Commissioner (see Section 1.)
All these rights can usually be exercised free of charge and generally speaking we must respond within one month. If we need longer to respond we will explain why this is necessary within the one month period and tell you more about any rules that affect how you can exercise your rights.
You can make what is called a subject access request for a copy of the information we hold about you.
We must also tell you why we have the information, what types of information we collect; who we share it with and whether, in particular, any of those recipients are outside the European Economic Area; how long we will keep your information for; where the information came from, if we didn't collect it from you directly; the details of any automated decision making and about your rights of complaint to the Information Commissioner.
You will normally have the right to object to how we intend to use your information based on your individual circumstances.
You have an absolute right to object to us using your personal information for the purpose of direct marketing at any time.
This right only applies where a decision which has a legal or similar effect is taken about a person by automated means without any human intervention.
Where such decisions are made individuals have a right to ask for the decision to be reviewed and the data controller must make sure appropriate safeguards are in place. However, L&C does not make automated decisions about any of its clients.
You have a right of complaint to the Information Commissioner (the Supervisory Authority) if you consider any aspect of L&Cs use of your personal information infringes the law. Section 1 provides the contact details.
However, L&C will want to put matters right wherever we can and we would hope that you will contact us in the first instance. You can exercise your data protection rights or complain about how we are processing your personal information by contacting the Data Protection Officer as set out in Section 1.
If your complaint is about the administration, or terms and conditions of a product sold by us but provided by a lender/insurer, you may need to contact them about it. If needed, we'll forward details of your complaint to the lender/insurer concerned, as well as giving you their contact details.
We're committed to keeping your personal information safe and sound. In this section, you'll read about the security measures we take to protect our customers' data.
At L&C, we understand how important it is to keep your personal information secure. We use a variety of technologies and procedures to protect your personal information from accidental or unlawful breaches of security. These include physical, organisational, and technological measures.
All information we process is encrypted in transit so that your personal and financial information is secure. For example, where you share information with us online or we forward this to other organisations online we use HTTPS. Where you create an online account with us you will need to supply a username and password. To protect your account we will encourage you to use a strong password and have implemented two factor authentications.
As covered in section 4, we have to share your information with third parties to carry out some of our services, including lenders and insurers amongst others. We require every third party that we share information with to apply appropriate security safeguards and comply with all the required laws and standards for protecting personal information.
We only keep your personal information for as long as we need to. This section explains how long the different types of records will be kept.
To ensure that we are able to meet our legal, regulatory and customer obligations, L&C will retain client information for the following time periods:
If you request we contact you in relation to our service by providing us with your name and a contact method (e.g. phone, email) through an enquiry form (either on our own, or through a 3rd party website) we will use our best endeavours to contact you as soon as possible. If we are unable to make contact with you, we will retain this information for a period of 90-days from the time we de-activate your lead in our database, to ensure we can fulfil our contractual obligations to our lead partners.
Where our retention schedules indicate a record is otherwise no longer required but you are subscribed to marketing, we delete the record of events and attachments associated with the case but maintain the case record itself so that we know what messages are relevant to you.
We anonymise data against these retention periods on a programmed basis. A back-up copy of the data is retained for a set period to enable the anonymisation process to be validated.
There are a number of different reasons why you may want to clear your browser’s cookies.
For example, if you have changed your mind about which types of cookies you are willing to accept and have changed your settings in our preference centre, though your new preferences will be respected as you continue to browse our website, this does not automatically remove all pre-existing cookies that have already been saved to your device.
Whether for privacy reasons or general computer maintenance and clean up, most browsers make clearing your cookies a fairly easy task.
Note: Before performing the below actions, please bear in mind that clearing cookies from your computer may mean a reduction in usability or even functionality (such as embedded video files) for certain pages of our website.
Please note the following are generic instructions which should enable you to find the required options in most common browsers (if you need more specific instructions for your particular browser you should be able to find these using a standard internet search):
You can check this Privacy Notice to find out about any changes to how we process your personal information.
We will continuously refine this Privacy Notice to make sure we are complying with our obligations to be transparent about how we use your personal information and that it is as concise, transparent, intelligible and as accessible as it can be. However, if we make any changes to how we process your personal information in ways that you would not reasonably expect, we will contact you and bring these changes to your attention.